解码的base64字符串？请 ：（ [英] Decoding base64 string? please :(

问题描述

<?php $OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=1132;eval((base64_decode('JE8wMDBPME8wMD1mb3BlbigkT09PME8wTzAwLCdyYicpO3doaWxlKC0tJE8wME8wME8wMClmZ2V0cygkTzAwME8wTzAwLDEwMjQpO2ZnZXRzKCRPMDAwTzBPMDAsNDA5Nik7JE9PMDBPMDBPMD0oYmFzZTY0X2RlY29kZShzdHJ0cihmcmVhZCgkTzAwME8wTzAwLDM3MiksJ0VudGVyeW91d2toUkhZS05XT1VUQWFCYkNjRGRGZkdnSWlKakxsTW1QcFFxU3NWdlh4WnowMTIzNDU2Nzg5Ky89JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?>

kr9NHenNHenNHe1lFMamb3klFoxiC2APk19gOLlHOa9gkZXJkZwVkr9NTznNHr8XHt4JkZwShokiF2A2Yy9LcBYvcoAPF3OZfuwPcmklCBWPkr8XHenNHr8XHtXLT08XHr8XHeEXhUXmOB50cbk5d3a3D2iUUylRTlfNaaOnCAkJW2YrcrcMO2fkDApQToxYdanXAbyTF1c2BuiDGjExHjH0YTC3KeLqRz0mRtfnWLYrOAcuUrlhU0xYTL9WAakTayaBa1icBMyJC2OlcMfPDBpqdo1Vd3nxFmY0fbc3Gul6HerZHzW1YjF4KUSvkZLphUL7cMYSd3YlhtONHeEXTznNHeEpK2a2CBXPkr9NHenNHenNHtL7RZ8IAriWTr9eU0lAT1nAwyYAWakAtJOXfbkjDoyzcBYvcoAINUnWaakeUryTOa9eT0OyKXPLfoyZc2a0b3aZdtE9wtkPfuOXKJ8vf3f3RMpvCmplcBSVC29sR2yXDU9zcByZC2IvN2pvCmplcBS9kopvCmplcBSMDB5LcBaLNUOpdMOlcBWMC2yZcBaZDMa0NUOjCbklcbkQcbWMFuaZC2iiF2ajd2OlNUOXfbkjDoyzcBYvcoAMD2a5f29Zce0LFUcSd2Yifolvdj0Ldtcjdz0LC28MF29Zfe0LF29ZftcZCBOpfbH9kukicol1FZczfe0LF3WMDmO5FoA9kop0kmY0Cbk0NUOzfoyZftcvdoW9kocZd21ic2AJKXPvR2ajDo8IkuOiFMflfy91FMX7tJO1F2aZWBfldmWINUEmO29vc2xlCM90RzwVHUEPDuO0FePvR3f3fZ5md29mdoaJd3WVC29sR2kvft5Pfo1ShUF7tIPvRZnsCBslwuOPcUnjaakHwuklFbalF3WIfo8IkuOiFMflfy91FMXhkoYPwe0IC3aZdy9pdMl0htL7tMY1FMxgF2a0d3n0htOjDtXIW1aUTr9Way9aA0aUWAfyTlWSwtO1F2aZWBfldmWpKXpjfbkSb3Ylfo9XftILC2ISwrYaALxNAyOgaakHRtO0CbkmcbOgfbkShTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb0cnUAxNTLaUAL9URtn0FmalhTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb0cNTrxNa0xNW0yAUA9KRtn0FmalhTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb0yaar9UOAcyALaURtn0FmalhTShC3aZdy9zcbOvFuWPkoYPRtneaakHT1nAb1kyayaUTlOUWA5TOLaURuOZfBApKXpjfbkSb3Ylfo9XftILC2ISwrYaALxNAyOgarlYOA9aatXIYTEXhTShkuisduY0FMlVcz0IC3aZdy9lGoajhtOjDtL7tIPLGo1SF3OZDB5mwe0IkuisduY0FMlVczShkopzd25gFMaXduLINUnQF29Vb2OlC29LcUILGo1SF3OZDB5mRtn0FmalhTShtI==

我似乎无法去code这个字符串的base64是一个字preSS主题的页脚。我希望能够添加更多的注脚。

I can't seem to decode this base64 string which is in the footer of a wordpress theme. I want to be able to add more to the footer.

任何帮助AP preciated，谢谢！

Any help appreciated, thanks!

推荐答案

好吧，这是去codeD一张code与可读性的变量（教育目的）：

Ok, this is the decoded piece of code with readable variables (for educational purposes):

<?php
    $the_current_file = __FILE__;
    $the_line_number_of_this_line   = __LINE__;

    $fileResource = fopen($the_current_file, 'rb');

    while (--$the_line_number_of_this_line) //For every line of code the code before this line
    {
        fgets($fileResource, 1024); //
    }

    fgets($fileResource, 4096);

    $codeToEvaluate = (base64_decode(strtr(fread($fileResource, 372), 'EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/=', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')));
    eval($codeToEvaluate);

    return; 

所以基本上，徘徊无论这块code被包括在内，它需要每一个前行，并替换字符 EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789 + / = 与 ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 + / 。然后，它的base64德codeS是和eval的吧。我会做一个死亡（$codeToEvaluate）; 在的eval（$codeToEvaluate）来找出执行哪块code的。

So basically, whereever this piece of code is included, it takes every line before it and replaces the characters EnteryouwkhRHYKNWOUTAaBbCcDdFfGgIiJjLlMmPpQqSsVvXxZz0123456789+/= with ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/. Then, it base64 decodes that and eval's it. I'd do a die($codeToEvaluate); before eval($codeToEvaluate) to find out what piece of code is executed.

不过，伤势严重。如果这个主题的开发者试图从你的东西混淆，无论是恶意或你试图破解过去的一些牌，因为你不希望他们在归属页脚。信用他们或他们支付。

But then, seriously. If the developers of this theme tried to obfuscate something from you, either it's malicious or you're trying to crack past some licensing because you don't want their attribution in the footer. Credit them or pay them.

所以，底线是：购买该死的主题或另谋的

修改

这似乎是code，这就是被执行：

This seems to be the code, thats being executed:

 $purchasecode = PURCHASE_CODE;
    $target_url   = "http://www.jobzeek.com/api/search/?jobzeek=$jobzeek&indeed=$indeed&careerjet=$careerjet&purchasecode=$purchasecode&keyword=$q&location=$l&co=$co&sort=$sort&radius=$radius&st=$st&jtype=$jt&start=$start&old=$fromage";
//echo $target_url;
    $userAgent = 'Googlebot/2.1 (http://www.googlebot.com/bot.html)';

// make the cURL request to $target_url
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
    curl_setopt($ch, CURLOPT_URL, $target_url);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_AUTOREFERER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 500);
    $xmlstring = curl_exec($ch);

    $xmlstring  = $xmlstring;
    $json_reply = json_decode($xmlstring, true);

这篇关于解码的base64字符串？请 ：（的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！